Law enforcement agencies across the globe and members of the private sector announced today they shut down the Andromeda (Gamarue or Wauchos) botnet.

The takedown took place last Wednesday, November 29, 2017. Law enforcement organizations that participated in the takedown include the Federal Bureau of Investigation (FBI), the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), and Eurojust.

Private sector partners that also lent a big hand include the Shadowserver Foundation, Microsoft, ESET, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI).

What is Andromeda

Andromeda (Gamarue, Wauchos) is a name used to describe a botnet (network) of computers infected with the eponymous malware.

The botnet first arrived on the scene in 2011 and continued to grow to massive numbers in recent years, according to reports from Microsoft (2015), G Data (2016), Fortinet (2016), and ESET (2017).

During all this time, Andromeda’s operator used the botnet to send spam that infected new users, keeping the botnet alive, but also delivered second-stage malware to already infected users. This tactic allowed the Andromeda owner to make a profit by renting the botnet to other crooks.

According to telemetry data gathered by Microsoft, at the time it was shut down, the Andromeda botnet delivered 80 different…
